The increased use of botnets as an attack tool, together with attackers' awareness of blocking lists, raises the question of whether we can effectively predict future bot locations. To that end, we introduce a network quality that we term uncleanliness: an indicator of the propensity for hosts in a network to be compromised by outside parties. We hypothesize that unclean networks will demonstrate two properties: spatial and temporal uncleanliness. Spatial uncleanliness is the tendency for compromised hosts to cluster within unclean networks. Temporal uncleanliness is the tendency for unclean networks to contain compromised hosts for extended periods. We test for these properties by collating data from multiple indicators (spamming, phishing, scanning and botnet IRC log monitoring). We demonstrate evidence for both spatial and temporal uncleanliness. We further show evidence of a cross-relationship between the various datasets: botnet activity predicts spamming and scanning, while phishing activity appears to be unrelated to the other indicators.